[net] seg6: fix SRH processing to comply with RFC8754

[net] seg6: fix SRH processing to comply with RFC8754

[Ahmed Abdelsalam]

The Segment Routing Header (SRH) which defines the SRv6 dataplane is defined
in RFC8754.

RFC8754 (section 4.1) defines the SR source node behavior which encapsulates
packets into an outer IPv6 header and SRH. The SR source node encodes the
full list of Segments that defines the packet path in the SRH. Then, the
first segment from list of Segments is copied into the Destination address
of the outer IPv6 header and the packet is sent to the first hop in its path
towards the destination.

If the Segment list has only one segment, the SR source node can omit the SRH
as he only segment is added in the destination address.

RFC8754 (section 4.1.1) defines the Reduced SRH, when a source does not
require the entire SID list to be preserved in the SRH. A reduced SRH does
not contain the first segment of the related SR Policy (the first segment is
the one already in the DA of the IPv6 header), and the Last Entry field is
set to n-2, where n is the number of elements in the SR Policy.

RFC8754 (section 4.3.1.1) defines the SRH processing and the logic to
validate the SRH (S09, S10, S11) which works for both reduced and
non-reduced behaviors.

This patch updates seg6_validate_srh() to validate the SRH as per RFC8754.

Signed-off-by: Ahmed Abdelsalam <ahabdels@gmail.com>
---
 net/ipv6/seg6.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
index 4c7e0a27fa9c..e37d2b34cacc 100644
--- a/net/ipv6/seg6.c
+++ b/net/ipv6/seg6.c
@@ -28,6 +28,7 @@
 bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len)
 {
 	int trailing;
+	int max_last_entry;
 	unsigned int tlv_offset;
 
 	if (srh->type != IPV6_SRCRT_TYPE_4)
@@ -36,7 +37,12 @@ bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len)
 	if (((srh->hdrlen + 1) << 3) != len)
 		return false;
 
-	if (srh->segments_left > srh->first_segment)
+	max_last_entry = (srh->hdrlen / 2) - 1;
+
+	if (srh->first_segment > max_last_entry)
+		return false;
+
+	if (srh->segments_left > srh->first_segment + 1)
 		return false;
 
 	tlv_offset = sizeof(*srh) + ((srh->first_segment + 1) << 4);
-- 
2.17.1

Re: [net] seg6: fix SRH processing to comply with RFC8754

[David Miller]

From: Ahmed Abdelsalam <ahabdels@gmail.com>
Date: Mon,  4 May 2020 14:42:11 +0000

> The Segment Routing Header (SRH) which defines the SRv6 dataplane is defined
> in RFC8754.
> 
> RFC8754 (section 4.1) defines the SR source node behavior which encapsulates
> packets into an outer IPv6 header and SRH. The SR source node encodes the
> full list of Segments that defines the packet path in the SRH. Then, the
> first segment from list of Segments is copied into the Destination address
> of the outer IPv6 header and the packet is sent to the first hop in its path
> towards the destination.
> 
> If the Segment list has only one segment, the SR source node can omit the SRH
> as he only segment is added in the destination address.
> 
> RFC8754 (section 4.1.1) defines the Reduced SRH, when a source does not
> require the entire SID list to be preserved in the SRH. A reduced SRH does
> not contain the first segment of the related SR Policy (the first segment is
> the one already in the DA of the IPv6 header), and the Last Entry field is
> set to n-2, where n is the number of elements in the SR Policy.
> 
> RFC8754 (section 4.3.1.1) defines the SRH processing and the logic to
> validate the SRH (S09, S10, S11) which works for both reduced and
> non-reduced behaviors.
> 
> This patch updates seg6_validate_srh() to validate the SRH as per RFC8754.
> 
> Signed-off-by: Ahmed Abdelsalam <ahabdels@gmail.com>

Applied, thanks.